Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > Linux Forums > HOWTO-Related Questions

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 20th September 2008, 18:25
atjensen11 atjensen11 is offline
Senior Member
 
Join Date: Dec 2007
Posts: 199
Thanks: 9
Thanked 6 Times in 6 Posts
Default SPF, DKIM, & DomainKeys with Postfix virtual users

I am planning on implementing the three following How-To's that are found on this site.

http://www.howtoforge.com/postfix_spf
http://www.howtoforge.com/how-to-imp...lter-centos5.1
http://www.howtoforge.com/postfix-dk...lter-centos5.1

I am running Postfix on an Ubuntu 8.04 server which was setup to use a MySQL database for virtual users. It was configured by following this How-To http://www.howtoforge.com/virtual-us...ail-ubuntu8.04

As I understand, these methods require changes to DNS records. Where I am confused in in regards to which DNS records I need to add these TXT records.

Do I only add the information for the DNS record of the email server?

Or do I need to add a TXT record for each domain that is authorized to send mail through my email server?

To me, the first one makes more sense since the email server is sending mail on behalf of the virtual host domains, but I am not sure I am correct in this thinking.

Thanks.
Reply With Quote
Sponsored Links
  #2  
Old 21st September 2008, 19:28
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,741 Times in 2,575 Posts
Default

You must add a TXT record for each domain.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #3  
Old 21st September 2008, 19:33
atjensen11 atjensen11 is offline
Senior Member
 
Join Date: Dec 2007
Posts: 199
Thanks: 9
Thanked 6 Times in 6 Posts
Default

The OpenSPF website is down. After reading some posts, it sounds as though it has been down for several weeks and it is unknown at this time when it will be up again and under which domain name.

Does anyone happen to have a copy of the download I need from www.openspf.org that is referenced in the Postfix SPF How-To?

Thanks.
Reply With Quote
  #4  
Old 22nd September 2008, 13:26
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,741 Times in 2,575 Posts
Default

I think these links are helpful if the openspf web aite doesn't work anymore: http://emailuniverse.com/ezine-tips/?id=1202
http://www.linuxjournal.com/article/7327
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #5  
Old 25th September 2008, 15:44
atjensen11 atjensen11 is offline
Senior Member
 
Join Date: Dec 2007
Posts: 199
Thanks: 9
Thanked 6 Times in 6 Posts
Default

I see today that the OpenSPF site is now back online. In the mean time, I have been trying to implement DomainKeys on my Ubuntu machine running Postfix. I have two resources that I am trying to use, but I have gotten stumped.

The first is a How To here on this site:
http://www.howtoforge.com/how-to-imp...lter-centos5.1

The How To on this site is focused on CentOS. The installation process is different and I believe the configuration files are different. But the Postfix stuff should be relatively similar.

The second resource is here:
http://stas.nerd.ro/blog/index.php/2...-ubuntu-hardy/

This site and the resulting tutorial isn't nearly as well documented or explained as I have come accustomed to on How To Forge.

I originally setup my mail server by following this guide:
http://www.howtoforge.com/virtual-us...ail-ubuntu8.04

I have installed dk-filter and adjusted the settings in the configuration file under the /etc directory. I have generated keys and pasted the public key into a TXT record in my DNS record. I have checked this DNS entry with some online tools and they returned no errors.

I have tried to muddle my way through the necessary changes to the Postfix main and/or master configuration files, but that is where my experience is lacking.

Do I need to add statements to both files? I am guessing I need to setup another loop similar to how amavis is looping between 10024 and 10025.
Reply With Quote
  #6  
Old 26th September 2008, 16:40
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,741 Times in 2,575 Posts
Default

According to http://stas.nerd.ro/blog/index.php/2...-ubuntu-hardy/ you only need to edit main.cf.

What's the output of
Code:
netstat -tap
?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #7  
Old 28th September 2008, 05:28
atjensen11 atjensen11 is offline
Senior Member
 
Join Date: Dec 2007
Posts: 199
Thanks: 9
Thanked 6 Times in 6 Posts
 
Default

I think I have SPF up and running now. So I am onto the DomainKeys implementation.

Here is a snippet of the results of netstat -tap (I removed all apache, mysql, and tcp6 lines as I didn't think they were important):

Code:
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 localhost.localdo:60000 *:*                     LISTEN      6564/postgrey.pid -
tcp        0      0 localhost.localdo:10024 *:*                     LISTEN      6430/amavisd (maste
tcp        0      0 localhost.localdo:10025 *:*                     LISTEN      13100/master
tcp        0      0 localhost.localdo:spamd *:*                     LISTEN      6568/spamd.pid
tcp        0      0 *:smtp                  *:*                     LISTEN      13100/master
tcp        0      0 localhost.localdom:8892 *:*                     LISTEN      13173/dk-filter
When I enable the following lines in the Postfix main.cf file by uncommenting them, I cannot send email.

Code:
milter_default_action = accept
milter_protocol = 2
smtpd_milters = inet:localhost:8892
non_smtpd_milters = inet:localhost:8892
Instead, I get an error from Outlook saying:
Code:
Reported error (0x800CCC6A) : 'Your outgoing (SMTP) e-mail server has reported an internal error. If you continue to receive this message, contact your server administrator or Internet service provider (ISP).  The server responded: 451 4.7.1 Service unavailable - try again later'
In my mail log, I see the following:
Code:
Sep 27 22:26:24 gopher dk-filter[13173]: D2702C0CC18: dk_getsig(): resource unavailable: PEM_read_bio_PrivateKey() failed
Sep 27 22:26:24 gopher dk-filter[13173]: D2702C0CC18 SSL error:0906D06C:PEM routines:PEM_read_bio:no start line
Sep 27 22:26:24 gopher postfix/cleanup[13293]: D2702C0CC18: milter-reject: END-OF-MESSAGE from unknown[192.168.100.2]: 4.7.1 Service unavailable - try again later; from=<xxxxx@xxxxx.com> to=<check-auth@verifier.port25.com> proto=ESMTP helo=<xxxx>
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Undelivered Mail Returned to Sender Error202 General 5 7th May 2009 11:14
localhost postfix/master: fatal: bind 127.0.0.1 port 125: Permission denied g18c Installation/Configuration 4 24th March 2009 17:39
Junk mail and spamassassin... sthompson Installation/Configuration 4 27th December 2006 16:11
Centos 4.4 32bit Hangs, High Server load 3cwired_com Server Operation 11 16th November 2006 15:47
Verify email setup meekish Installation/Configuration 28 27th October 2006 15:36


All times are GMT +2. The time now is 04:02.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.